This invention relates to the Advanced Encryption Standard (AES) specified in Federal Information Processing Standards (FIPS) Publication 197. The AES standard defines the FIPS-approved algorithm used to encrypt and decrypt 128-bit blocks of data with a 128-, 192-, or 256-bit key. When data is encrypted (enciphered) the output is called ciphertext, and when ciphertext is decrypted (deciphered) the output is called plaintext.
The AES algorithm executes a number of rounds that depends on the key size. FIPS 197 specifies 10 rounds for a 128-bit key, 12 rounds for a 192-bit key, and 14 rounds for a 256-bit key, each preceded by an initial AddRoundKey; counting that initial AddRoundKey as a round, as this description does, gives 11, 13, or 15 rounds respectively. Referring to FIG. 1, the AES algorithm for encryption consists of four transformations: AddRoundKey 100; SubBytes 101; ShiftRows 102; and MixColumns 103.
Referring to FIG. 2, the AES algorithm for decryption consists of four transformations: AddRoundKey 100; InvShiftRows 201; InvSubBytes 202; and InvMixColumns 203. The AES algorithm also defines a key expansion routine that derives from the cipher key one round key for each round of the algorithm (11, 13, or 15 round keys). These round keys are utilized in the AddRoundKey 100 transformation.
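To make the round structure of FIG. 1 concrete, the following Python is an added example that is not part of the patent or of FIPS 197. It builds AES-128 encryption from the four transformations and the key expansion, following the FIPS 197 count of an initial AddRoundKey followed by 10 rounds (the last without MixColumns), and derives the S-box from the GF(2^8) inverse and affine map rather than a lookup table. It is checked against the known-answer vector of FIPS 197 Appendix C.1; the function and variable names are this example's own.

```python
# Added example (not the patent's or FIPS 197's code): AES-128 encryption
# assembled from AddRoundKey, SubBytes, ShiftRows, MixColumns and the key
# expansion.  The 16-byte State is a flat list indexed r + 4*c (row r,
# column c), exactly the byte order of the cipher input and output in FIPS 197.

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    if a & 0x100:
        a ^= 0x11B
    return a & 0xFF

def _gmul(a, b):
    """General multiplication in GF(2^8) (shift-and-add using _xtime)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = _xtime(a)
        b >>= 1
    return result

def _build_sbox():
    """Derive the S-box: multiplicative inverse (0 maps to 0), then the affine
    map b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0) if x else 0
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox

SBOX = _build_sbox()   # built once at import time

def add_round_key(state, round_key):
    """AddRoundKey 100: bitwise XOR of the State with the round key."""
    return [s ^ k for s, k in zip(state, round_key)]

def sub_bytes(state):
    """SubBytes 101: byte-wise S-box substitution."""
    return [SBOX[b] for b in state]

def shift_rows(state):
    """ShiftRows 102: row r rotated left by r, s'[r,c] = s[r,(c+r) mod 4]."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state):
    """MixColumns 103: each column multiplied by {03}x^3+{01}x^2+{01}x+{02}."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [
            _gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
            a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
            a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
            _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2),
        ]
    return out

def expand_key(key):
    """Key expansion (FIPS 197 section 5.2, Nk = 4): 44 words, returned as
    11 round keys of 16 bytes in State byte order."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:
            temp = temp[1:] + temp[:1]          # RotWord
            temp = [SBOX[b] for b in temp]      # SubWord
            temp[0] ^= rcon                     # Rcon[i/Nk]
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(plaintext, key):
    """Encrypt one 16-byte block: initial AddRoundKey, nine full rounds,
    then a final round without MixColumns."""
    round_keys = expand_key(key)
    state = add_round_key(list(plaintext), round_keys[0])
    for rnd in range(1, 10):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_keys[rnd])
    state = add_round_key(shift_rows(sub_bytes(state)), round_keys[10])
    return bytes(state)

if __name__ == "__main__":
    # FIPS 197 Appendix C.1 known-answer vector.
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    print(aes128_encrypt_block(pt, key).hex())  # 69c4e0d86a7b0430d8cdb78070b4c55a
```

The initial `add_round_key` call before the loop is the "round 1" of the patent's numbering: it is the only place where a round key meets the plaintext with no non-linear transformation in between, which is the property the side-channel discussion below relies on.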
The AddRoundKey 100 transformation is specified as a simple bitwise exclusive OR of the State (initially the plaintext for encryption or the ciphertext for decryption) with the round key. FIG. 3 schematically depicts the transformation. Each data bit 300 and each round key bit 301 are combined in exclusive OR 302 and stored in flip flop (or latch) 303, for all 128 data bits. Round 1 of the AES algorithm executes only the AddRoundKey 100 transformation, while all remaining rounds execute multiple transformations. This leaves round 1 vulnerable to side channel power attacks: the value captured in latch 303 is the plaintext XORed directly with the first round key, so an attacker who knows the plaintext can predict, for each guess of a key byte, the bits that will be latched and their expected power signature, and correlate that prediction with measured power consumption to recover the round key one byte at a time.
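The attack described above, as an added example that is not part of the patent: a simulated correlation DPA against the round-1 AddRoundKey register of FIG. 3. The power sample is modelled as the Hamming weight of the 128 bits latched in flip-flops 303 plus Gaussian noise; that leakage model, the trace count, the noise level and all names are assumptions of this example, not measurements of any device.

```python
import random

# Added example (not the patent's code): simulated DPA on the round-1
# AddRoundKey register.  Leakage model (assumption): one power sample per
# encryption equal to the Hamming weight of all 16 latched bytes plus
# Gaussian noise.  A real register leaks through its switching activity
# (closer to a Hamming distance) and with a different noise profile.

HW = [bin(v).count("1") for v in range(256)]   # Hamming weight lookup

def hamming_weight(x):
    return HW[x & 0xFF]

def simulate_traces(round_key, n_traces, noise_sd, rng):
    """Return (plaintexts, samples) for random known plaintexts.

    The sample is taken at the clock edge where latch 303 captures
    plaintext XOR round key 0.  All 16 bytes latch together, so the other
    15 bytes act as algorithmic noise for any single-byte key guess.
    """
    plaintexts, samples = [], []
    for _ in range(n_traces):
        pt = bytes(rng.randrange(256) for _ in range(16))
        leak = sum(hamming_weight(p ^ k) for p, k in zip(pt, round_key))
        samples.append(leak + rng.gauss(0.0, noise_sd))
        plaintexts.append(pt)
    return plaintexts, samples

def recover_round_key(plaintexts, samples):
    """Correlation DPA: for each key byte, pick the guess whose predicted
    Hamming weight HW(p XOR guess) correlates best with the samples."""
    n = len(samples)
    mean = sum(samples) / n
    centered = [s - mean for s in samples]
    syy = sum(c * c for c in centered)
    recovered = []
    for i in range(16):
        # The prediction depends only on plaintext byte i, so bucketing the
        # centered samples by that byte lets each of the 256 guesses be
        # scored with 256 operations instead of a pass over every trace.
        count = [0] * 256
        bucket = [0.0] * 256
        for pt, c in zip(plaintexts, centered):
            count[pt[i]] += 1
            bucket[pt[i]] += c
        best_guess, best_corr = 0, -2.0
        for guess in range(256):
            hw = [HW[v ^ guess] for v in range(256)]
            h_mean = sum(hw[v] * count[v] for v in range(256)) / n
            sxy = sum((hw[v] - h_mean) * bucket[v] for v in range(256))
            sxx = sum(count[v] * (hw[v] - h_mean) ** 2 for v in range(256))
            corr = sxy / (sxx * syy) ** 0.5
            # Keep the signed maximum: the complement guess (guess ^ 0xFF)
            # predicts 8 - HW and therefore scores exactly -corr.
            if corr > best_corr:
                best_guess, best_corr = guess, corr
        recovered.append(best_guess)
    return bytes(recovered)

def demo(seed=1, n_traces=6000, noise_sd=1.5):
    """Draw a random round key, simulate traces, attack, and return
    (true_key, recovered_key) so the caller can compare them."""
    rng = random.Random(seed)
    round_key = bytes(rng.randrange(256) for _ in range(16))
    plaintexts, samples = simulate_traces(round_key, n_traces, noise_sd, rng)
    return round_key, recover_round_key(plaintexts, samples)

if __name__ == "__main__":
    true_key, found = demo()
    print("round key 0 :", true_key.hex())
    print("recovered   :", found.hex(), "(match)" if found == true_key else "(mismatch)")
```

Because the XOR target is linear in the key, a wrong guess that differs from the true byte in d bits still predicts the leakage with correlation about (1 - d/4) of the correct guess's, so the correct byte wins only by a margin of a quarter of the signal; that is why this attack needs more traces than one aimed at a non-linear S-box output, and why the demo draws several thousand traces even under a mild noise assumption.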